General improvements (#138)

* Rearrange hooks to match lifecycle order

* Fully qualify module names

BREAKING CHANGE: To use FQCNs at least Ansible 2.9 is required [2].

From the commonly presented note in the Ansible documentation, e. g.
of Ansible's builtin debug module [1]:

  [...] we recommend you use the FQCN for easy linking to the module
  documentation and to avoid conflicting with other collections that
  may have the same module name.

[1]: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/debug_module.html
[2]: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#where-did-all-the-modules-go

* Update changelog
master
Felix Mai 3 years ago committed by GitHub
parent 5caaea2047
commit c4a5677f72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -6,6 +6,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
Changelog Changelog
--------- ---------
**9.0.0**
- set minimally required Ansible version to 2.9
- fully qualify modules names (requires Ansible >= 2.9)
- rearrange hooks to match lifecycle order
**8.4.0** **8.4.0**
- add support for installing wireguard in pve lxc guest (contribution by @tobias-richter) - add support for installing wireguard in pve lxc guest (contribution by @tobias-richter)

@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: restart wireguard - name: restart wireguard
service: ansible.builtin.service:
name: "wg-quick@{{ wireguard_interface }}" name: "wg-quick@{{ wireguard_interface }}"
state: "{{ item }}" state: "{{ item }}"
loop: loop:
@ -16,7 +16,7 @@
listen: "reconfigure wireguard" listen: "reconfigure wireguard"
- name: syncconf wireguard - name: syncconf wireguard
shell: | ansible.builtin.shell: |
set -o errexit set -o errexit
set -o pipefail set -o pipefail
set -o nounset set -o nounset

@ -5,7 +5,7 @@ galaxy_info:
author: Robert Wimmer author: Robert Wimmer
description: Installs Wireguard incl. systemd integration description: Installs Wireguard incl. systemd integration
license: GPL-3.0-or-later license: GPL-3.0-or-later
min_ansible_version: 2.7 min_ansible_version: 2.9
role_name: ansible_role_wireguard role_name: ansible_role_wireguard
namespace: githubixx namespace: githubixx
platforms: platforms:

@ -8,7 +8,7 @@
gather_facts: true gather_facts: true
tasks: tasks:
- name: Init pacman - name: Init pacman
raw: | ansible.builtin.raw: |
pacman-key --init pacman-key --init
pacman-key --populate archlinux pacman-key --populate archlinux
changed_when: false changed_when: false
@ -16,12 +16,12 @@
when: ansible_distribution|lower == 'archlinux' when: ansible_distribution|lower == 'archlinux'
- name: (Proxmox) Delete /var/lib/apt/lists/lock - name: (Proxmox) Delete /var/lib/apt/lists/lock
file: ansible.builtin.file:
name: /var/lib/apt/lists/lock name: /var/lib/apt/lists/lock
state: absent state: absent
ignore_errors: true ignore_errors: true
when: ansible_kernel.find("pve") != -1 when: ansible_kernel.find("pve") != -1
- name: Include WireGuard role - name: Include WireGuard role
include_role: ansible.builtin.include_role:
name: githubixx.ansible_role_wireguard name: githubixx.ansible_role_wireguard

@ -3,9 +3,9 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: Gather instance facts - name: Gather instance facts
setup: ansible.builtin.setup:
- include_tasks: - ansible.builtin.include_tasks:
file: "{{ item }}" file: "{{ item }}"
apply: apply:
tags: tags:
@ -20,7 +20,7 @@
- wg-install - wg-install
- name: Enable WireGuard kernel module - name: Enable WireGuard kernel module
modprobe: community.general.modprobe:
name: wireguard name: wireguard
state: present state: present
register: wireguard__register_module_enabled register: wireguard__register_module_enabled
@ -35,22 +35,22 @@
- name: Generate keys | Check wg syncconf subcommand status - name: Generate keys | Check wg syncconf subcommand status
block: block:
- name: Register if config/private key already exists on target host - name: Register if config/private key already exists on target host
stat: ansible.builtin.stat:
path: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" path: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
register: wireguard__register_config_file register: wireguard__register_config_file
- name: Get wg subcommands - name: Get wg subcommands
command: "wg --help" ansible.builtin.command: "wg --help"
register: wireguard__register_subcommands register: wireguard__register_subcommands
changed_when: false changed_when: false
check_mode: false check_mode: false
- name: Check if wg syncconf subcommand is available - name: Check if wg syncconf subcommand is available
set_fact: ansible.builtin.set_fact:
wg_syncconf: "{{ 'syncconf:' in wireguard__register_subcommands.stdout }}" wg_syncconf: "{{ 'syncconf:' in wireguard__register_subcommands.stdout }}"
- name: Show syncconf subcommand status - name: Show syncconf subcommand status
debug: ansible.builtin.debug:
var: wg_syncconf var: wg_syncconf
tags: tags:
- wg-generate-keys - wg-generate-keys
@ -59,7 +59,7 @@
- name: WireGuard private key handling for new keys - name: WireGuard private key handling for new keys
block: block:
- name: Generate WireGuard private key - name: Generate WireGuard private key
command: "wg genkey" ansible.builtin.command: "wg genkey"
register: wireguard__register_private_key register: wireguard__register_private_key
changed_when: false changed_when: false
no_log: '{{ ansible_verbosity < 3 }}' no_log: '{{ ansible_verbosity < 3 }}'
@ -67,7 +67,7 @@
- wg-generate-keys - wg-generate-keys
- name: Set private key fact - name: Set private key fact
set_fact: ansible.builtin.set_fact:
wireguard_private_key: "{{ wireguard__register_private_key.stdout }}" wireguard_private_key: "{{ wireguard__register_private_key.stdout }}"
no_log: '{{ ansible_verbosity < 3 }}' no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
@ -79,7 +79,7 @@
- name: WireGuard private key handling for existing keys - name: WireGuard private key handling for existing keys
block: block:
- name: Read WireGuard config file - name: Read WireGuard config file
slurp: ansible.builtin.slurp:
src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
register: wireguard__register_config register: wireguard__register_config
no_log: '{{ ansible_verbosity < 3 }}' no_log: '{{ ansible_verbosity < 3 }}'
@ -87,7 +87,7 @@
- wg-config - wg-config
- name: Set private key fact - name: Set private key fact
set_fact: ansible.builtin.set_fact:
wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}" wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
no_log: '{{ ansible_verbosity < 3 }}' no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
@ -97,7 +97,7 @@
- wireguard_private_key is not defined - wireguard_private_key is not defined
- name: Derive WireGuard public key - name: Derive WireGuard public key
command: "wg pubkey" ansible.builtin.command: "wg pubkey"
args: args:
stdin: "{{ wireguard_private_key }}" stdin: "{{ wireguard_private_key }}"
register: wireguard__register_public_key register: wireguard__register_public_key
@ -108,13 +108,13 @@
- wg-config - wg-config
- name: Set public key fact - name: Set public key fact
set_fact: ansible.builtin.set_fact:
wireguard__fact_public_key: "{{ wireguard__register_public_key.stdout }}" wireguard__fact_public_key: "{{ wireguard__register_public_key.stdout }}"
tags: tags:
- wg-config - wg-config
- name: Create WireGuard configuration directory - name: Create WireGuard configuration directory
file: ansible.builtin.file:
dest: "{{ wireguard_remote_directory }}" dest: "{{ wireguard_remote_directory }}"
state: directory state: directory
mode: 0700 mode: 0700
@ -122,7 +122,7 @@
- wg-config - wg-config
- name: Generate WireGuard configuration file - name: Generate WireGuard configuration file
template: ansible.builtin.template:
src: etc/wireguard/wg.conf.j2 src: etc/wireguard/wg.conf.j2
dest: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" dest: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
owner: "{{ wireguard_conf_owner }}" owner: "{{ wireguard_conf_owner }}"
@ -135,14 +135,14 @@
- reconfigure wireguard - reconfigure wireguard
- name: Ensure legacy reload-module-on-update is absent - name: Ensure legacy reload-module-on-update is absent
file: ansible.builtin.file:
dest: "{{ wireguard_remote_directory }}/.reload-module-on-update" dest: "{{ wireguard_remote_directory }}/.reload-module-on-update"
state: absent state: absent
tags: tags:
- wg-config - wg-config
- name: Start and enable WireGuard service - name: Start and enable WireGuard service
service: ansible.builtin.service:
name: "wg-quick@{{ wireguard_interface }}" name: "wg-quick@{{ wireguard_interface }}"
state: "{{ wireguard_service_state }}" state: "{{ wireguard_service_state }}"
enabled: "{{ wireguard_service_enabled }}" enabled: "{{ wireguard_service_enabled }}"

@ -3,20 +3,20 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (AlmaLinux 8) Install EPEL & ELRepo repository - name: (AlmaLinux 8) Install EPEL & ELRepo repository
yum: ansible.builtin.yum:
name: name:
- epel-release - epel-release
- elrepo-release - elrepo-release
update_cache: true update_cache: true
- name: (AlmaLinux 8) Ensure WireGuard DKMS package is removed - name: (AlmaLinux 8) Ensure WireGuard DKMS package is removed
yum: ansible.builtin.yum:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
- name: (AlmaLinux 8) Install WireGuard packages - name: (AlmaLinux 8) Install WireGuard packages
yum: ansible.builtin.yum:
name: name:
- "kmod-wireguard" - "kmod-wireguard"
- "wireguard-tools" - "wireguard-tools"

@ -3,6 +3,6 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Archlinux) Install wireguard-tools package - name: (Archlinux) Install wireguard-tools package
pacman: ansible.builtin.pacman:
name: wireguard-tools name: wireguard-tools
state: present state: present

@ -5,19 +5,19 @@
- name: (CentOS 7) Tasks for standard kernel - name: (CentOS 7) Tasks for standard kernel
block: block:
- name: (CentOS 7) Install EPEL & ELRepo repository - name: (CentOS 7) Install EPEL & ELRepo repository
yum: ansible.builtin.yum:
name: name:
- epel-release - epel-release
- https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm - https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
update_cache: true update_cache: true
- name: (CentOS 7) Install yum-plugin-elrepo - name: (CentOS 7) Install yum-plugin-elrepo
yum: ansible.builtin.yum:
name: yum-plugin-elrepo name: yum-plugin-elrepo
update_cache: true update_cache: true
- name: (CentOS 7) Install WireGuard packages - name: (CentOS 7) Install WireGuard packages
yum: ansible.builtin.yum:
name: name:
- "kmod-wireguard" - "kmod-wireguard"
- "wireguard-tools" - "wireguard-tools"
@ -26,7 +26,7 @@
- wireguard_centos7_installation_method == "standard" - wireguard_centos7_installation_method == "standard"
- name: (CentOS 7) Ensure WireGuard DKMS package is removed - name: (CentOS 7) Ensure WireGuard DKMS package is removed
yum: ansible.builtin.yum:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
@ -34,24 +34,24 @@
- name: (CentOS 7) Tasks for kernel-plus - name: (CentOS 7) Tasks for kernel-plus
block: block:
- name: (CentOS 7) Install EPEL repository & yum utils - name: (CentOS 7) Install EPEL repository & yum utils
yum: ansible.builtin.yum:
name: name:
- epel-release - epel-release
- yum-utils - yum-utils
update_cache: true update_cache: true
- name: (CentOS 7) Enable CentosPlus repo - name: (CentOS 7) Enable CentosPlus repo
command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save ansible.builtin.command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
changed_when: false changed_when: false
- name: (CentOS 7) Update to kernel-plus - name: (CentOS 7) Update to kernel-plus
replace: ansible.builtin.replace:
path: /etc/sysconfig/kernel path: /etc/sysconfig/kernel
regexp: '^DEFAULTKERNEL=kernel$' regexp: '^DEFAULTKERNEL=kernel$'
replace: 'DEFAULTKERNEL=kernel-plus' replace: 'DEFAULTKERNEL=kernel-plus'
- name: (CentOS 7) Install WireGuard packages - name: (CentOS 7) Install WireGuard packages
yum: ansible.builtin.yum:
name: name:
- "kernel-plus" - "kernel-plus"
- "wireguard-tools" - "wireguard-tools"
@ -59,7 +59,7 @@
register: centos7_yum_updates register: centos7_yum_updates
- name: (CentOS 7) Reboot Instance to update kernel - name: (CentOS 7) Reboot Instance to update kernel
reboot: ansible.builtin.reboot:
reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}" reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"
when: when:
- centos7_yum_updates.changes is defined - centos7_yum_updates.changes is defined

@ -3,20 +3,20 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (CentOS 8) Install EPEL & ELRepo repository - name: (CentOS 8) Install EPEL & ELRepo repository
yum: ansible.builtin.yum:
name: name:
- epel-release - epel-release
- elrepo-release - elrepo-release
update_cache: true update_cache: true
- name: (CentOS 8) Ensure WireGuard DKMS package is removed - name: (CentOS 8) Ensure WireGuard DKMS package is removed
yum: ansible.builtin.yum:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
- name: (CentOS 8) Install WireGuard packages - name: (CentOS 8) Install WireGuard packages
yum: ansible.builtin.yum:
name: name:
- "kmod-wireguard" - "kmod-wireguard"
- "wireguard-tools" - "wireguard-tools"

@ -3,13 +3,13 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Proxmox) Add WireGuard repository - name: (Proxmox) Add WireGuard repository
apt_repository: ansible.builtin.apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}" state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
update_cache: true update_cache: true
- name: (Proxmox lxc) Install wireguard-tools. - name: (Proxmox lxc) Install wireguard-tools.
apt: ansible.builtin.apt:
install_recommends: no install_recommends: no
name: name:
- wireguard-tools - wireguard-tools

@ -5,19 +5,19 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Proxmox) Add WireGuard repository - name: (Proxmox) Add WireGuard repository
apt_repository: ansible.builtin.apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}" state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
update_cache: true update_cache: true
- name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS - name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS
apt: ansible.builtin.apt:
name: name:
- "pve-headers-{{ ansible_kernel }}" - "pve-headers-{{ ansible_kernel }}"
state: present state: present
- name: (Proxmox) Install WireGuard packages - name: (Proxmox) Install WireGuard packages
apt: ansible.builtin.apt:
name: name:
- "wireguard" - "wireguard"
state: present state: present

@ -3,12 +3,12 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Raspbian) Install GPG - required to add WireGuard key - name: (Raspbian) Install GPG - required to add WireGuard key
apt: ansible.builtin.apt:
name: gnupg name: gnupg
state: present state: present
- name: (Raspbian) Add Debian repository keys - name: (Raspbian) Add Debian repository keys
apt_key: ansible.builtin.apt_key:
keyserver: "keyserver.ubuntu.com" keyserver: "keyserver.ubuntu.com"
id: "{{ item }}" id: "{{ item }}"
state: present state: present
@ -18,39 +18,39 @@
- "648ACFD622F3D138" - "648ACFD622F3D138"
- name: (Raspbian) Add Debian Buster Backports repository for WireGuard - name: (Raspbian) Add Debian Buster Backports repository for WireGuard
apt_repository: ansible.builtin.apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: present state: present
update_cache: true update_cache: true
- name: (Raspbian) Install latest kernel - name: (Raspbian) Install latest kernel
apt: ansible.builtin.apt:
name: name:
- "raspberrypi-kernel" - "raspberrypi-kernel"
state: latest state: latest
register: wireguard__register_kernel_update register: wireguard__register_kernel_update
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8) - name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
reboot: ansible.builtin.reboot:
search_paths: ['/lib/molly-guard', '/usr/sbin', '/sbin'] search_paths: ['/lib/molly-guard', '/usr/sbin', '/sbin']
when: when:
- ansible_version.full is version('2.8.0', '>=') - ansible_version.full is version('2.8.0', '>=')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8) - name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
stat: ansible.builtin.stat:
path: /lib/molly-guard/ path: /lib/molly-guard/
register: wireguard__register_molly_guard register: wireguard__register_molly_guard
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard) - name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
reboot: ansible.builtin.reboot:
when: when:
- ansible_version.full is version('2.8.0', '<') - ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
- not wireguard__register_molly_guard.stat.exists - not wireguard__register_molly_guard.stat.exists
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard) - name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
command: /lib/molly-guard/shutdown -r now ansible.builtin.command: /lib/molly-guard/shutdown -r now
async: 1 async: 1
poll: 0 poll: 0
ignore_unreachable: true ignore_unreachable: true
@ -60,20 +60,20 @@
- wireguard__register_molly_guard.stat.exists - wireguard__register_molly_guard.stat.exists
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard) - name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
wait_for_connection: ansible.builtin.wait_for_connection:
when: when:
- ansible_version.full is version('2.8.0', '<') - ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
- wireguard__register_molly_guard.stat.exists - wireguard__register_molly_guard.stat.exists
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS - name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
apt: ansible.builtin.apt:
name: name:
- "raspberrypi-kernel-headers" - "raspberrypi-kernel-headers"
state: latest state: latest
- name: (Raspbian) Install WireGuard packages - name: (Raspbian) Install WireGuard packages
apt: ansible.builtin.apt:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
- "wireguard-tools" - "wireguard-tools"

@ -6,25 +6,25 @@
- name: (Debian) Tasks for Debian version <= 10 - name: (Debian) Tasks for Debian version <= 10
block: block:
- name: (Debian) Add WireGuard repository on buster - name: (Debian) Add WireGuard repository on buster
apt_repository: ansible.builtin.apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: present state: present
update_cache: true update_cache: true
- name: (Debian) Install kernel headers for the currently running kernel to compile Wireguard with DKMS - name: (Debian) Install kernel headers for the currently running kernel to compile Wireguard with DKMS
apt: ansible.builtin.apt:
name: name:
- "linux-headers-{{ ansible_kernel }}" - "linux-headers-{{ ansible_kernel }}"
state: present state: present
- name: (Debian) Get architecture - name: (Debian) Get architecture
command: "dpkg --print-architecture" ansible.builtin.command: "dpkg --print-architecture"
register: wireguard__fact_dpkg_arch register: wireguard__fact_dpkg_arch
changed_when: false changed_when: false
check_mode: false check_mode: false
- name: (Debian) Install kernel headers metapackage to ensure headers will be installed - name: (Debian) Install kernel headers metapackage to ensure headers will be installed
apt: ansible.builtin.apt:
name: name:
- "linux-headers-{{ wireguard__fact_dpkg_arch.stdout }}" - "linux-headers-{{ wireguard__fact_dpkg_arch.stdout }}"
state: present state: present
@ -34,7 +34,7 @@
- ansible_lsb.major_release is version('11', '<') - ansible_lsb.major_release is version('11', '<')
- name: (Debian) Install WireGuard packages - name: (Debian) Install WireGuard packages
apt: ansible.builtin.apt:
name: name:
- "wireguard" - "wireguard"
state: present state: present

@ -3,7 +3,7 @@
# Copyright (C) 2021 Steve Fan # Copyright (C) 2021 Steve Fan
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- include_tasks: - ansible.builtin.include_tasks:
file: "setup-debian-raspbian.yml" file: "setup-debian-raspbian.yml"
apply: apply:
tags: tags:
@ -13,7 +13,7 @@
- name: pve variants - name: pve variants
block: block:
- include_tasks: - ansible.builtin.include_tasks:
file: "setup-debian-pve-host-variant.yml" file: "setup-debian-pve-host-variant.yml"
apply: apply:
tags: tags:
@ -22,7 +22,7 @@
- ansible_virtualization_role == "host" - ansible_virtualization_role == "host"
register: wireguard__register_pve_host_variant_setup register: wireguard__register_pve_host_variant_setup
- include_tasks: - ansible.builtin.include_tasks:
file: "setup-debian-pve-guest-variant.yml" file: "setup-debian-pve-guest-variant.yml"
apply: apply:
tags: tags:
@ -35,7 +35,7 @@
- ansible_kernel.find("pve") != -1 - ansible_kernel.find("pve") != -1
- include_tasks: - ansible.builtin.include_tasks:
file: "setup-debian-vanilla.yml" file: "setup-debian-vanilla.yml"
apply: apply:
tags: tags:

@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Fedora) Install WireGuard packages - name: (Fedora) Install WireGuard packages
yum: ansible.builtin.yum:
name: name:
- "wireguard-tools" - "wireguard-tools"
state: present state: present

@ -3,12 +3,12 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (MacOS) Install wireguard package - name: (MacOS) Install wireguard package
package: ansible.builtin.package:
name: wireguard-go name: wireguard-go
state: present state: present
become: true become: true
- name: (MacOS) Install wireguard-tools package - name: (MacOS) Install wireguard-tools package
package: ansible.builtin.package:
name: wireguard-tools name: wireguard-tools
state: present state: present

@ -4,7 +4,7 @@
- name: (openSUSE Leap) Install WireGuard packages - name: (openSUSE Leap) Install WireGuard packages
zypper: community.general.zypper:
name: name:
- "wireguard-tools" - "wireguard-tools"
state: present state: present

@ -3,20 +3,20 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Rocky Linux 8) Install EPEL & ELRepo repository - name: (Rocky Linux 8) Install EPEL & ELRepo repository
yum: ansible.builtin.yum:
name: name:
- epel-release - epel-release
- elrepo-release - elrepo-release
update_cache: true update_cache: true
- name: (Rocky Linux 8) Ensure WireGuard DKMS package is removed - name: (Rocky Linux 8) Ensure WireGuard DKMS package is removed
yum: ansible.builtin.yum:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
- name: (Rocky Linux 8) Install WireGuard packages - name: (Rocky Linux 8) Install WireGuard packages
yum: ansible.builtin.yum:
name: name:
- "kmod-wireguard" - "kmod-wireguard"
- "wireguard-tools" - "wireguard-tools"

@ -3,14 +3,14 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- name: (Ubuntu) Update APT package cache - name: (Ubuntu) Update APT package cache
apt: ansible.builtin.apt:
update_cache: "{{ wireguard_ubuntu_update_cache }}" update_cache: "{{ wireguard_ubuntu_update_cache }}"
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}" cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
- name: (Ubuntu) Tasks for Ubuntu < 19.10 - name: (Ubuntu) Tasks for Ubuntu < 19.10
block: block:
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10) - name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
package: ansible.builtin.package:
name: "{{ packages }}" name: "{{ packages }}"
state: present state: present
vars: vars:
@ -21,12 +21,12 @@
- ansible_lsb.major_release is version('19.10', '<') - ansible_lsb.major_release is version('19.10', '<')
- name: (Ubuntu) Ensure WireGuard DKMS package is removed - name: (Ubuntu) Ensure WireGuard DKMS package is removed
apt: ansible.builtin.apt:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
- name: (Ubuntu) Install wireguard package - name: (Ubuntu) Install wireguard package
apt: ansible.builtin.apt:
name: "wireguard" name: "wireguard"
state: present state: present

@ -26,16 +26,16 @@ Table = {{ wireguard_table }}
PreUp = {{ wg_preup }} PreUp = {{ wg_preup }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if wireguard_predown is defined %}
{% for wg_predown in wireguard_predown %}
PreDown = {{ wg_predown }}
{% endfor %}
{% endif %}
{% if wireguard_postup is defined %} {% if wireguard_postup is defined %}
{% for wg_postup in wireguard_postup %} {% for wg_postup in wireguard_postup %}
PostUp = {{ wg_postup }} PostUp = {{ wg_postup }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if wireguard_predown is defined %}
{% for wg_predown in wireguard_predown %}
PreDown = {{ wg_predown }}
{% endfor %}
{% endif %}
{% if wireguard_postdown is defined %} {% if wireguard_postdown is defined %}
{% for wg_postdown in wireguard_postdown %} {% for wg_postdown in wireguard_postdown %}
PostDown = {{ wg_postdown }} PostDown = {{ wg_postdown }}

Loading…
Cancel
Save